In 2012, Global Payments suffered an online security breach that compromised 1.5m credit card numbers and lost the company $125m. Vice President and Treasurer Lisa Joublanc gives an insider’s perspective on the disaster – and what companies can do to stop costs from spiralling if it happens to them.
Cyberattacks, says Joublanc, are a “whirlwhind” that throws you into “limbo.” Being a criminal offence, they can’t be talked about publicly whilst initial police investigations are underway, making it impossible to meaningfully advise or reassure your customers, even as the blogosphere is buzzing with rumours. If the PR implications aren’t bad enough, finding out now that your insurance brokers aren’t good enough, or that your policy doesn’t cover quite what you thought it did, can be an extraordinarily expensive revelation.
For Global Payments, says Joublanc, the realisation that their existing cyber insurance brokers weren’t up to the job, and the decision to switch to new providers McGriff, Seibels & Williams midway through the process, ended up making things worse. “We switched brokers midstream, which I wouldn’t recommend,” she said. “One of the things we learned during this process was that your policy is a contract. And if you don’t do exactly what it says in the policy, you probably won’t get coverage. So that means every time you want to spend money, you have to get prior approval.”
Other contract caveats that added to the expense were to do with their choice of suppliers. As the crisis unfolded, Global Payments found that their use of preferred suppliers – not those designated by the policy – led to rows with their initial brokers. Now, said Joublanc, the company ensures that all vendors are preapproved through its insurance provider. “So if this happens again, we’re not spending a week or two to look at a contract with a vendor; we do that all up front,” she said.
Cyberattacks are getting more sophisticated all the time and, whilst strong compliance and security measures mitigate the risk, it’s essential that companies also plan for the worst. All-in-all, Joublanc advises, ensuring that your coverage covers all eventualities is the most important consideration. A breach can impact on a company in myriad ways, so understanding that a claim can come from many different channels is key. “Use your broker to talk about scenarios because they’ve gone through it before,” she said. “Also, try to get the broadest coverage that you can.”
Policies to be avoided are those that only apply once customers or regulators start demanding money, for example for compensation or fines. This, Joublanc points out, hardly covers the financial reality of dealing with a cyberbreach. “You’re calling your law firm, you’re working on public relations issues, you’re doing forensics and trying to figure out what has happened,” she said. “All those things are very expensive. So the breadth of your policy is very important.”
The US money market fund reforms came into effect in 2016 and are already dramatically shaping US fund industry with investors flooding out of prime funds and into government securities. While the reforms are similar, they are not the same. GTNews interviews Yeng Bulter, global head of the cash business at State Street Global Advisors on the differences.
Tim de Knegt, strategic finance and treasury manager for the Port of Rotterdam, discusses how he is using blockchain, the challenges he will face in his role of treasury over the next 12 months and the advice he would give to someone starting out their career in treasury.
Treasurers are more interested in cross-border payments and automation than real-time payments, as they are consistently asked to do more with less, argues Rick Burke, head of corporate payments at TD Bank in an exclusive interview.
With rising interest rates being a hot topic at this year’s AFP conference, many treasurers were discussing how they can structure their ... read more